WP hack?
- 17 Responses
- pockets
http://ecc-expo.com/wp-includes/…...
Any WordPress site with the following:
/wp-includes/js/swfupload/swfupl...
Click on "undefined"..
Is this exploitable?
Fix would be:
find . -name "swfupload.swf" -exec chmod 600 {} \;
- pockets
http://ecc-expo.com/wp-includes/js/swfupload/swfupload.swf
- sted
<files swfupload.swf>
order allow,deny
deny from all
</files>
- pockets
Yeah, I got that, but I mean, this applies to how many fucking WordPress sites in the world?
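The two fixes posted in this thread (pockets' chmod and sted's .htaccess stanza) combined into one script, as an added example written for this page rather than code from either poster. It assumes a single webroot path passed as the first argument and plain POSIX sh; the function names `harden_swfupload` and `unhardened_count` are mine, and the constructed test tree in the usage note is not a real site.

```shell
#!/bin/sh
# Added example, not from the thread. Hardens every copy of swfupload.swf
# under a WordPress webroot by applying both fixes posted above:
#   1. chmod 600 so the file is unreadable to other local users and to a
#      web server process that does not own it
#   2. an .htaccess next to it denying HTTP access (Apache only)
# Core ships the file under wp-includes/js/swfupload/, but plugins and
# themes sometimes bundle their own copy, so the whole tree is searched.

# Number of swfupload.swf copies whose mode is not exactly 600.
unhardened_count() {
    find "$1" -type f -name 'swfupload.swf' ! -perm 600 | wc -l | tr -d ' '
}

# Harden every copy below the given webroot; prints how many were found.
# Safe to re-run: the deny stanza is appended only if not already present.
harden_swfupload() {
    webroot="$1"
    find "$webroot" -type f -name 'swfupload.swf' -exec sh -c '
        for f in "$@"; do
            chmod 600 "$f"
            dir=$(dirname "$f")
            if ! grep -qs "<Files swfupload.swf>" "$dir/.htaccess"; then
                printf "%s\n" "<Files swfupload.swf>" \
                    "    Order allow,deny" "    Deny from all" "</Files>" \
                    >> "$dir/.htaccess"
            fi
        done' sh {} +
    find "$webroot" -type f -name 'swfupload.swf' | wc -l | tr -d ' '
}

# Stand-alone use: ./harden_swfupload.sh /var/www/example.com
if [ $# -gt 0 ]; then
    harden_swfupload "$1"
fi
```

Two caveats a practitioner would check before relying on this. The `.htaccess` stanza only takes effect on Apache with `AllowOverride` permitting `Limit` (or `All`) for that directory; on Apache 2.4 the `Order`/`Deny` syntax needs mod_access_compat, and the native form is `Require all denied`. nginx ignores `.htaccess` entirely, so there the `chmod` (or simply deleting the file, if nothing on the site uses it) is what actually stops the file being served.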
- sted
To the best of my knowledge this crap was fixed years ago; you got some issues with it recently?
- pockets
The latest update caused the hole to open up; I had 22 sites hacked.
- sted
Geez, the one that was released a few days ago?
- sted
Are you sure that this was used?
- pockets
I'm still investigating this, actually.
- sted
pockets, your site is an easy target.
Check your setup, and if it's possible use Wordfence, please.
- pockets
https://www.angrybirds.com/wp-includes/js/swfupload/swfupload.swf
- sted
Dumped in Wordfence? I'm a little drunk, please explain.
Just a few things:
<meta name="generator" content="WordPress 4.5.3" />
<meta name="generator" content="WooCommerce 2.6.1" />
http://*/readme.html
and why is?
<script type='text/javascript' src='http://*.com/wp-includes/js/plupload/plupload.full.min.js?ver=2.1.8'></script>
- sted
Slowly, but got it; it was a bit confusing, admit it :)
- BabySnakes
Making me worried about updating. Is this WP core related or a plugin exploit?
- fadein110
Not sure about this, but all my sites have been doing an auto update over the last couple of days; is it to do with this?
- pockets
https://packetstormsecurity.com/files/121348/SWFUpload-CSRF-XSS-Object-Inject...
- noneck
So clicking on Undefined brings up the file select dialog, but it won't upload anything. Not sure how this is a vulnerability.
I'm guessing a different vector was used on your hacked sites.
- fadein110
Yep, just been on the WP security blog, no mention of this.